April 2023 – Bad, Bad USB

The USB port is everywhere. We use it to charge our mobile devices (for non-Apple devices), connect printers, cameras, keyboards, and just about anything else you can think of. Because of this, you would be forgiven for thinking that the USB port isn’t harmful. Unfortunately, that isn’t the case at all. The USB port can be used for all manner of nefarious activities on computers from hacking them to stealing data. In this month’s training, we are going to show you why USBs can be dangerous and how to protect against them. Let’s get started.

Since the USB port can be used for just about anything, it means that any of these capabilities can be used in a malicious way. The first device on the market for this was known as the Rubber Ducky.

 

The picture to the left is the Rubber Ducky. It looks just like a normal flash drive. However, when this device is plugged into a computer, it tells the computer it is a keyboard. Because keyboards aren’t seen as a threat, the computer doesn’t do anything to stop it. Once the device is seen as a keyboard, it will begin running a script stored on the Rubber Ducky. It will type at extremely fast speeds and begin executing commands. These could be malicious events like adding an administrator account to the computer, making a connection from the computer out onto the internet to create a backdoor, or stealing documents and passwords.

The main thing to remember about these devices is that they look just like any other USB flash drive, and by the time you've plugged one in, it's too late. The programs will execute with such speed that you won't be able to stop them.

These tools are easily available online from many retailers including Amazon. It isn’t difficult for someone to purchase them and then begin using them wherever they desire.

One final thing: most won't have the little duck sticker. That is just for marketing. The ones found in the field will look like flash drives.

 

Over the years, the Rubber Ducky concept has evolved into an entirely new type of attack known as Bad USB. Now there are dozens of devices available that can perform these attacks, and many don't look like flash drives at all. They can be disguised as anything, and their capabilities have increased. They can now be programmed with dozens of attacks and controlled remotely through Bluetooth and WiFi.

This device is the Flipper Zero. It is a custom-built tool for all sorts of hacking. It has Bad USB capabilities along with a LOT of others. It can clone tokens for building access, read the information stored on credit cards, and open garage doors. In the hands of a capable user, it can even unlock the doors to your car. Oh, and it can turn TVs on and off and change their channels. That is a lot of capability built into something designed to look like a children's toy. Most people wouldn't think anything of seeing one, even while it was being used to wreak havoc.

So how do you protect yourself against these devices? BadUSB won't usually work when the PC is locked. That is why it is critical that you have your computer set to lock after a few minutes of inactivity. This will help prevent these attacks from being successful. While it can be annoying to have to log back in throughout the day, it gives you a lot of protection. Imagine practices that have computers in the exam rooms or in common areas. If these are left alone for a couple of minutes, patients can plug devices like these into those computers and potentially create a back door into the network.
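For IT staff, the inhuman typing speed described earlier is also something monitoring software can look for. The sketch below is an added example, not part of the original training: the event format, device ids and thresholds are assumptions, and the sample data is constructed.

```python
from statistics import median

# Assumed thresholds (tune for your environment); not values from the article.
WATCH_SECONDS = 10.0    # how long after plug-in a new keyboard is watched
MIN_KEYS = 15           # ignore very short bursts
MAX_MEDIAN_GAP = 0.020  # 20 ms between keys; sustained human typing is far slower


def flag_injection(events):
    """Return the sorted ids of keyboards whose first keystrokes look scripted.

    events: iterable of (timestamp_seconds, kind, device_id), where kind is
    "attach" (a device enumerated as a keyboard) or "key" (one keystroke).
    Keyboards with no attach event (already present) are not evaluated.
    """
    attached = {}  # device_id -> time it was plugged in
    keys = {}      # device_id -> keystroke times inside the watch window
    for ts, kind, dev in sorted(events):
        if kind == "attach":
            attached[dev] = ts
            keys[dev] = []  # a re-plugged device starts a fresh window
        elif kind == "key" and dev in attached:
            if ts - attached[dev] <= WATCH_SECONDS:
                keys[dev].append(ts)

    flagged = []
    for dev, times in keys.items():
        if len(times) < MIN_KEYS:
            continue
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Median resists a few pauses inserted between bursts of typing.
        if median(gaps) <= MAX_MEDIAN_GAP:
            flagged.append(dev)
    return sorted(flagged)


def sample_events():
    """Constructed sample data: one scripted device, one person typing."""
    events = [(0.0, "attach", "usb-1"), (100.0, "attach", "usb-2")]
    # usb-1: 40 keys, 5 ms apart, starting 1 s after plug-in
    events += [(1.0 + i * 0.005, "key", "usb-1") for i in range(40)]
    # usb-2: 40 keys, 150 ms apart, starting 2 s after plug-in
    events += [(102.0 + i * 0.150, "key", "usb-2") for i in range(40)]
    return events


if __name__ == "__main__":
    print(flag_injection(sample_events()))
```

A device that deliberately slows its typing would slip past this timing check, so it supplements screen locking rather than replacing it.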

 

 

Here is an example of the Flipper Zero being used to steal credit cards from unsuspecting people.